
Revision 5114d3eb

Added by Michael Moll about 8 years ago

use file_line for bootstrap.cfg

Closes GH-385


files/lenses/test_trapperkeeper.aug
module Test_Trapperkeeper =
(* Variable: config *)
let config = "
# This is a comment
webserver: {
bar: {
# A comment
host: localhost
port= 9000
default-server: true
}
foo: {
host: localhost
port = 10000
}
}
jruby-puppet: {
# This setting determines where JRuby will look for gems. It is also
# used by the `puppetserver gem` command line tool.
gem-home: /var/lib/puppet/jruby-gems
# (optional) path to puppet conf dir; if not specified, will use the puppet default
master-conf-dir: /etc/puppet
# (optional) path to puppet var dir; if not specified, will use the puppet default
master-var-dir: /var/lib/puppet
# (optional) maximum number of JRuby instances to allow; defaults to <num-cpus>+2
#max-active-instances: 1
}
# CA-related settings
certificate-authority: {
# settings for the certificate_status HTTP endpoint
certificate-status: {
# this setting contains a list of client certnames who are whitelisted to
# have access to the certificate_status endpoint. Any requests made to
# this endpoint that do not present a valid client cert mentioned in
# this list will be denied access.
client-whitelist: []
}
}
os-settings: {
ruby-load-path: [/usr/lib/ruby/vendor_ruby, /home/foo/ruby ]
}
\n"
(* Test: Trapperkeeper.lns
Test full config file *)
test Trapperkeeper.lns get config =
{ }
{ "#comment" = "This is a comment" }
{ "@hash" = "webserver"
{ "@hash" = "bar"
{ "#comment" = "A comment" }
{ "@simple" = "host" { "@value" = "localhost" } }
{ "@simple" = "port" { "@value" = "9000" } }
{ "@simple" = "default-server" { "@value" = "true" } }
}
{ }
{ "@hash" = "foo"
{ "@simple" = "host" { "@value" = "localhost" } }
{ "@simple" = "port" { "@value" = "10000" } }
}
}
{ }
{ "@hash" = "jruby-puppet"
{ "#comment" = "This setting determines where JRuby will look for gems. It is also" }
{ "#comment" = "used by the `puppetserver gem` command line tool." }
{ "@simple" = "gem-home" { "@value" = "/var/lib/puppet/jruby-gems" } }
{ }
{ "#comment" = "(optional) path to puppet conf dir; if not specified, will use the puppet default" }
{ "@simple" = "master-conf-dir" { "@value" = "/etc/puppet" } }
{ }
{ "#comment" = "(optional) path to puppet var dir; if not specified, will use the puppet default" }
{ "@simple" = "master-var-dir" { "@value" = "/var/lib/puppet" } }
{ }
{ "#comment" = "(optional) maximum number of JRuby instances to allow; defaults to <num-cpus>+2" }
{ "#comment" = "max-active-instances: 1" }
}
{ }
{ }
{ "#comment" = "CA-related settings" }
{ "@hash" = "certificate-authority"
{ "#comment" = "settings for the certificate_status HTTP endpoint" }
{ "@hash" = "certificate-status"
{ "#comment" = "this setting contains a list of client certnames who are whitelisted to" }
{ "#comment" = "have access to the certificate_status endpoint. Any requests made to" }
{ "#comment" = "this endpoint that do not present a valid client cert mentioned in" }
{ "#comment" = "this list will be denied access." }
{ "@array" = "client-whitelist" }
}
}
{ }
{ "@hash" = "os-settings"
{ "@array" = "ruby-load-path"
{ "1" = "/usr/lib/ruby/vendor_ruby" }
{ "2" = "/home/foo/ruby" }
}
}
{ }
(* Test: Trapperkeeper.lns
Should parse an empty file *)
test Trapperkeeper.lns get "\n" = {}
(* Test: Trapperkeeper.lns
Values can be quoted *)
test Trapperkeeper.lns get "os-settings: {
ruby-load-paths: [\"/usr/lib/ruby/site_ruby/1.8\"]
}\n" =
{ "@hash" = "os-settings"
{ "@array" = "ruby-load-paths"
{ "1" = "/usr/lib/ruby/site_ruby/1.8" }
}
}
(* Test: Trapperkeeper.lns
Keys can be quoted *)
test Trapperkeeper.lns get "test: {
\"x\": true
}\n" =
{ "@hash" = "test"
{ "@simple" = "x" { "@value" = "true" } } }
(* Test: Trapperkeeper.lns
Keys can contain /
test Trapperkeeper.lns get "test: {
\"x/y\" : z
}\n" =
{ "@hash" = "test"
{ "@simple" = "x/y" { "@value" = "z" } } }
*)
files/lenses/trapperkeeper.aug
(*
Module: Trapperkeeper
Parses Trapperkeeper configuration files
Author: Raphael Pinson <raphael.pinson@camptocamp.com>
About: License
This file is licenced under the LGPL v2+, like the rest of Augeas.
About: Lens Usage
To be documented
About: Configuration files
This lens applies to Trapperkeeper webservice configuration files. See <filter>.
About: Examples
The <Test_Trapperkeeper> file contains various examples and tests.
*)
module Trapperkeeper =
autoload xfm
(************************************************************************
* Group: USEFUL PRIMITIVES
*************************************************************************)
(* View: empty *)
let empty = Util.empty
(* View: comment *)
let comment = Util.comment
(* View: sep *)
let sep = del /[ \t]*[\/:=]/ ":"
(* View: sep_with_spc *)
let sep_with_spc = sep . Sep.opt_space
(************************************************************************
* Group: BLOCKS (FROM 1.2, FOR 0.10 COMPATIBILITY)
*************************************************************************)
(* Variable: block_ldelim_newlines_re *)
let block_ldelim_newlines_re = /[ \t\n]+\{([ \t\n]*\n)?/
(* Variable: block_rdelim_newlines_re *)
let block_rdelim_newlines_re = /[ \t]*\}/
(* Variable: block_ldelim_newlines_default *)
let block_ldelim_newlines_default = "\n{\n"
(* Variable: block_rdelim_newlines_default *)
let block_rdelim_newlines_default = "}"
(************************************************************************
* View: block_newline
* A block enclosed in brackets, with newlines forced
* and indentation defaulting to a tab.
*
* Parameters:
* entry:lens - the entry to be stored inside the block.
* This entry should not include <Util.empty>,
* <Util.comment> or <Util.comment_noindent>,
* should be indented and finish with an eol.
************************************************************************)
let block_newlines (entry:lens) (comment:lens) =
del block_ldelim_newlines_re block_ldelim_newlines_default
. ((entry | comment) . (Util.empty | entry | comment)*)?
. del block_rdelim_newlines_re block_rdelim_newlines_default
(************************************************************************
* Group: ENTRY TYPES
*************************************************************************)
let opt_dquot (lns:lens) = del /"?/ "" . lns . del /"?/ ""
(* View: simple *)
let simple = [ Util.indent . label "@simple" . opt_dquot (store /[A-Za-z0-9_.-]+/) . sep_with_spc
. [ label "@value" . opt_dquot (store /[^,"\[ \t\n]+/) ]
. Util.eol ]
(* View: array *)
let array =
let lbrack = Util.del_str "["
in let rbrack = Util.del_str "]"
in let opt_space = del /[ \t]*/ ""
in let comma = opt_space . Util.del_str "," . opt_space
in let elem = [ seq "elem" . opt_dquot (store /[^,"\[ \t\n]+/) ]
in let elems = counter "elem" . Build.opt_list elem comma
in [ Util.indent . label "@array" . store Rx.word
. sep_with_spc . lbrack . Sep.opt_space
. (elems . Sep.opt_space)?
. rbrack . Util.eol ]
(* View: hash *)
let hash (lns:lens) = [ Util.indent . label "@hash" . store Rx.word . sep
. block_newlines lns Util.comment
. Util.eol ]
(************************************************************************
* Group: ENTRY
*************************************************************************)
(* Just for typechecking *)
let entry_hash_no_rec = hash (simple|array)
let entry_simple_no_rec = simple
(* View: entry_hash *)
let rec entry_hash = hash (entry_hash|simple|array)
(* View: entry_simple *)
let rec entry_simple = simple
(************************************************************************
* Group: LENS AND FILTER
*************************************************************************)
(* View: lns *)
let lns = (empty|comment)* . ((entry_hash|entry_simple) . (empty|comment)*)*
(* Variable: filter *)
let filter = incl "/etc/puppetserver/conf.d/*"
. incl "/etc/puppetlabs/puppetserver/conf.d/*"
. Util.stdexcl
let xfm = transform lns filter
manifests/init.pp
# disable in case CA is delegated to a separate instance
# type:boolean
#
# $server_lenses_dir:: The path of the augeas lenses directory
# type:string
#
# $server_puppetserver_dir:: The path of the puppetserver config dir
# type:string
#
......
$server_jvm_min_heap_size = $puppet::params::server_jvm_min_heap_size,
$server_jvm_max_heap_size = $puppet::params::server_jvm_max_heap_size,
$server_jvm_extra_args = $puppet::params::server_jvm_extra_args,
$server_lenses_dir = $puppet::params::server_lenses_dir,
$server_jruby_gem_home = $puppet::params::server_jruby_gem_home,
$server_max_active_instances = $puppet::params::server_max_active_instances,
) inherits puppet::params {
......
if $server_implementation == 'puppetserver' {
validate_re($server_jvm_min_heap_size, '^[0-9]+[kKmMgG]$')
validate_re($server_jvm_max_heap_size, '^[0-9]+[kKmMgG]$')
validate_absolute_path($server_lenses_dir)
validate_absolute_path($server_puppetserver_dir)
validate_absolute_path($server_jruby_gem_home)
validate_integer($server_max_active_instances)
manifests/params.pp
$sharedir = "${dir_prefix}/share"
$bindir = "${dir_prefix}/bin"
$root_group = undef
$server_lenses_dir = "${dir_prefix}/share/augeas/lenses"
}
/^(FreeBSD|DragonFly)$/ : {
......
$sharedir = '/usr/local/share/puppet'
$bindir = '/usr/local/bin'
$root_group = undef
$server_lenses_dir = '/usr/local/share/augeas/lenses'
}
default : {
......
$vardir = '/opt/puppetlabs/puppet/cache'
$sharedir = '/opt/puppetlabs/puppet'
$bindir = '/opt/puppetlabs/bin'
$server_lenses_dir = '/opt/puppetlabs/puppet/share/augeas/lenses'
} else {
$dir = '/etc/puppet'
$codedir = '/etc/puppet'
......
$vardir = '/var/lib/puppet'
$sharedir = '/usr/share/puppet'
$bindir = '/usr/bin'
$server_lenses_dir = '/usr/share/augeas/lenses'
}
$root_group = undef
}
......
$server_ca_client_whitelist = [ '127.0.0.1', '::1', $::ipaddress ]
$server_cipher_suites = [ 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA', ]
$server_ssl_protocols = [ 'TLSv1.2', ]
}
manifests/server/augeaslens.pp
class puppet::server::augeaslens {
file { "${puppet::server_lenses_dir}/trapperkeeper.aug":
ensure => file,
owner => 'root',
group => $::puppet::params::root_group,
mode => '0644',
content => file("${module_name}/lenses/trapperkeeper.aug"),
}
}
manifests/server/puppetserver.pp
$server_ca_client_whitelist = $::puppet::server_ca_client_whitelist,
$server_admin_api_whitelist = $::puppet::server_admin_api_whitelist,
) {
require ::puppet::server::augeaslens
include ::puppet::server
$puppetserver_package = pick($::puppet::server_package, 'puppetserver')
......
],
}
$augcmds = $server_ca ? {
true => ['rm @simple[. = "puppetlabs.services.ca.certificate-authority-disabled-service"]',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-service"] puppetlabs.services.ca.certificate-authority-service',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-service"]/@value certificate-authority-service',],
default => ['rm @simple[. = "puppetlabs.services.ca.certificate-authority-service"]',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-disabled-service"] puppetlabs.services.ca.certificate-authority-disabled-service',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-disabled-service"]/@value certificate-authority-disabled-service',],
$ca_enabled_ensure = $server_ca ? {
true => present,
default => absent,
}
augeas { 'puppet::server::puppetserver::server_ca':
context => "/files${server_puppetserver_dir}/bootstrap.cfg",
changes => $augcmds,
incl => "${server_puppetserver_dir}/bootstrap.cfg",
lens => 'Trapperkeeper.lns',
$ca_disabled_ensure = $server_ca ? {
false => present,
default => absent,
}
file_line { 'ca_enabled':
ensure => $ca_enabled_ensure,
path => "${server_puppetserver_dir}/bootstrap.cfg",
line => 'puppetlabs.services.ca.certificate-authority-service/certificate-authority-service',
}
file_line { 'ca_disabled':
ensure => $ca_disabled_ensure,
path => "${server_puppetserver_dir}/bootstrap.cfg",
line => 'puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service',
}
file { "${server_puppetserver_dir}/conf.d/ca.conf":
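Review bot: The two `file_line` resources replacing the augeas block match only byte-identical lines, so a package-shipped `bootstrap.cfg` entry that differs in whitespace or carries a trailing comment is neither removed by the `absent` resource nor recognised by the `present` one, which then appends a second entry and can leave both the CA service and the CA-disabled service listed at once; the removed augeas changes matched on the `@simple` node and did not have this problem. Giving each resource a pattern, e.g. `match => '^puppetlabs\.services\.ca\.certificate-authority-service/',` on `ca_enabled` and the disabled-service counterpart on `ca_disabled`, makes the `present` case replace the existing line in place, and `match_for_absence => true` would extend that to the `absent` case where the stdlib version in use supports it. It is not visible in this hunk whether the new resources carry a relationship to the puppetserver package and a notify to the service as the augeas resource presumably did; if not, they should, since editing `bootstrap.cfg` before the package exists or without a restart has no effect. The enclosing class body continues outside the hunk.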
spec/classes/puppet_server_config_spec.rb
with_content(/^\s+rundir\s+= #{rundir}$/).
with_content(/^\s+ssldir\s+= #{ssldir}$/).
with_content(/^\s+reports\s+= foreman$/).
with_content(/^\s+privatekeydir\s+= \$ssldir\/private_keys { group = service }$/).
with_content(/^\s+hostprivkey\s+= \$privatekeydir\/\$certname.pem { mode = 640 }$/).
with_content(/^\s+autosign\s+= \$confdir\/autosign.conf { mode = 664 }$/).
with_content(/^\s+privatekeydir\s+= \$ssldir\/private_keys \{ group = service \}$/).
with_content(/^\s+hostprivkey\s+= \$privatekeydir\/\$certname.pem \{ mode = 640 \}$/).
with_content(/^\s+autosign\s+= \$confdir\/autosign.conf \{ mode = 664 \}$/).
with({}) # So we can use a trailing dot on each with_content line
should contain_concat__fragment('puppet.conf+20-agent').
......
it 'should add the branch map to the post receive hook' do
should contain_file("#{vardir}/puppet.git/hooks/post-receive").
with_content(/BRANCH_MAP = {\n "a" => "b",\n "c" => "d",\n}/)
with_content(/BRANCH_MAP = \{\n "a" => "b",\n "c" => "d",\n\}/)
end
end
spec/classes/puppet_server_puppetserver_spec.rb
:server_puppetserver_dir => '/etc/custom/puppetserver',
})
end
it { should contain_augeas('puppet::server::puppetserver::server_ca').
with_changes([
'rm @simple[. = "puppetlabs.services.ca.certificate-authority-disabled-service"]',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-service"] puppetlabs.services.ca.certificate-authority-service',
'set @simple[. = "puppetlabs.services.ca.certificate-authority-service"]/@value certificate-authority-service',
]).
with_context('/files/etc/custom/puppetserver/bootstrap.cfg').
with_incl('/etc/custom/puppetserver/bootstrap.cfg').
with_lens('Trapperkeeper.lns').
with({})
it {
should contain_file_line('ca_enabled').
with_ensure('present').
with_line('puppetlabs.services.ca.certificate-authority-service/certificate-authority-service')
}
it {
should contain_file_line('ca_disabled').
with_ensure('absent').
with_line('puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service')
}
it { should contain_augeas('puppet::server::puppetserver::jvm').
with_changes([
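Review bot: The new `contain_file_line` expectations for `ca_enabled` and `ca_disabled` check `ensure` and `line` but drop the path assertion that the removed `with_incl('/etc/custom/puppetserver/bootstrap.cfg')` provided, even though this example group exists to exercise the custom `server_puppetserver_dir`. Adding `.with_path('/etc/custom/puppetserver/bootstrap.cfg')` to both chains keeps that interpolation covered. The enclosing describe block starts outside the hunk, and the inverse `server_ca => false` case is not visible here, so it may be worth confirming it asserts `ca_enabled` absent and `ca_disabled` present.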
